One cyber trend we felt ranked as one of the most notable was a shifting attitude among security professionals over the last 12 months. We took a look back at our 2015 research, which revealed security professionals feeling good about their chances to prevail in 2015 that quickly waned as threats continued to evolve.

Optimism waned as cyberattacks continued.

In our 2015 Predications from the Front Lines report, published in November 2014, 94% of security professionals said they were optimistic that their ability to prevent security breaches would improve in the coming year. Despite their confidence, most respondents still had plans to invest in advanced malware defenses and update their cybersecurity policies after 2014’s “Year of the Breach.”

Turns out they may have been a bit too optimistic because opinions soured by year’s end.

In a ThreatTrack-commissioned survey in October 2015, we found a very different perspective from respondents: An unease about existing technology and growing concern about cyberattacks. Three-fourths (75%) of respondents cited speedy detection of active advance threats lacking, while the ability to execute immediate remediation/blocking threat activity came in at a close second (70%).

Security professionals assurance that they were prepared for cyberattacks has most certainly waned as malware continued to advance at alarming rates. The 2015 study found enterprise security teams concerned with three things: the growing volume and sophistication of attacks, the challenge of managing security complexity, and the rising costs of data breaches.

Attitude and Action

These shifting attitudes have impacted planned investments by enterprise security professionals. Here’s a look at where we started in 2015 and where we ended up:

Top planned investments for 2015
(November 2014)*

Needed improvements
(as of October 2015)+

Rapid detection of sophisticated malware (70%)

Speedy detection of active advanced threats (75%)

Prioritization of security threats (58%)

Execute immediate remediation of threats (70%)

Updated security policies (56%)

Accuracy/minimal false positives (67%)

Investment in threat intelligence (54%)

Prioritization of risks/threats (54%)

Replacement of ineffective endpoint solutions (51%)

Real-time analysis of malware samples (41%)

What do you think? Were security professionals too optimistic about their ability to defend against cyberattacks heading into 2015? Were the right investments made in 2015 to prepare for advanced threats? What do you feel your chances are throughout 2016?

*“2015 Predications from the Front Lines: Cybersecurity Professionals Very Confident in Their Ability to Fight Data Breaches in 2015”